Ensure parameter values are quoted when needed when editing roles. Fixes #4393

docs/en_US/release_notes_4_11.rst

@@ -17,6 +17,7 @@ Bug fixes
 *********
 
 | `Bug #4224 <https://redmine.postgresql.org/issues/4224>`_ -  Prevent flickering of large tooltips on the Graphical EXPLAIN canvas.
+| `Bug #4393 <https://redmine.postgresql.org/issues/4393>`_ -  Ensure parameter values are quoted when needed when editing roles.
 | `Bug #4395 <https://redmine.postgresql.org/issues/4395>`_ -  EXPLAIN options should be Query Tool instance-specific.
 | `Bug #4429 <https://redmine.postgresql.org/issues/4429>`_ -  Ensure drag/drop from the treeview works as expected on Firefox.
 | `Bug #4437 <https://redmine.postgresql.org/issues/4437>`_ -  Fix table icon issue when updating any existing field.

web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/columns/sql/default/get_position.sql

@@ -1,4 +1,4 @@
 SELECT att.attnum
 FROM pg_attribute att
     WHERE att.attrelid = {{tid}}::oid
-    AND att.attname = {{data.name|qtLiteral}}
+    AND att.attname = {{data.name|qtLiteral(True)}}

web/pgadmin/browser/server_groups/servers/templates/macros/variable.macros

@@ -4,7 +4,7 @@
 {% macro APPLY(conn, database, role, param, value) -%}
 ALTER {% if role %}ROLE {{ self.conn|qtIdent(role) }}{% if database %} IN DATABASE {{ conn|qtIdent(database) }}{% endif %}{% else %}DATABASE {{ conn|qtIdent(database) }}{% endif %}
 
-    SET {{ conn|qtIdent(param) }} TO {{ value }};
+    SET {{ conn|qtIdent(param) }} TO {{ value|qtLiteral }};
 {%- endmacro %}
 {% macro RESET(conn, database, role, param) -%}
 ALTER {% if role %}ROLE {{ self.conn|qtIdent(role) }}{% if database %} IN DATABASE {{ conn|qtIdent(database) }}{% endif %}{% else %}DATABASE {{ conn|qtIdent(database) }}{% endif %}

web/pgadmin/utils/driver/psycopg2/__init__.py

@@ -228,7 +228,7 @@ class Driver(BaseDriver):
                 mgr.release()
 
     @staticmethod
-    def qtLiteral(value):
+    def qtLiteral(value, forceQuote=False):
         adapted = adapt(value)
 
         # Not all adapted objects have encoding
@@ -242,7 +242,14 @@ class Driver(BaseDriver):
         res = adapted.getquoted()
 
         if isinstance(res, bytes):
-            return res.decode('utf-8')
+            res = res.decode('utf-8')
+
+        if forceQuote is True:
+            # Convert the input to the string to use the startsWith(...)
+            res = str(res)
+            if not res.startswith("'"):
+                return "'" + res + "'"
+
         return res
 
     @staticmethod
@@ -343,6 +350,10 @@ class Driver(BaseDriver):
         value = None
 
         for val in args:
+            # DataType doesn't have len function then convert it to string
+            if not hasattr(val, '__len__'):
+                val = str(val)
+
             if len(val) == 0:
                 continue
             if hasattr(str, 'decode') and not isinstance(val, unicode):
@@ -354,7 +365,7 @@ class Driver(BaseDriver):
                     val = str(val).decode('utf-8')
             value = val
 
-            if (Driver.needsQuoting(val, True)):
+            if Driver.needsQuoting(val, True):
                 value = value.replace("\"", "\"\"")
                 value = "\"" + value + "\""
 
@@ -372,6 +383,11 @@ class Driver(BaseDriver):
         for val in args:
             if type(val) == list:
                 return map(lambda w: Driver.qtIdent(conn, w), val)
+
+            # DataType doesn't have len function then convert it to string
+            if not hasattr(val, '__len__'):
+                val = str(val)
+
             if hasattr(str, 'decode') and not isinstance(val, unicode):
                 # Handling for python2
                 try:
@@ -385,7 +401,7 @@ class Driver(BaseDriver):
 
             value = val
 
-            if (Driver.needsQuoting(val, False)):
+            if Driver.needsQuoting(val, False):
                 value = value.replace("\"", "\"\"")
                 value = "\"" + value + "\""